diff --git a/src/agents/model-auth-label.test.ts b/src/agents/model-auth-label.test.ts
index adcb6ce49b6..85fa4bc43fb 100644
--- a/src/agents/model-auth-label.test.ts
+++ b/src/agents/model-auth-label.test.ts
@@ -25,13 +25,14 @@ describe("resolveModelAuthLabel", () => {
     resolveAuthProfileDisplayLabelMock.mockReset();
   });
 
-  it("does not throw when token profile only has tokenRef", () => {
+  it("does not include token value in label for token profiles", () => {
     ensureAuthProfileStoreMock.mockReturnValue({
       version: 1,
       profiles: {
         "github-copilot:default": {
           type: "token",
           provider: "github-copilot",
+          token: "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
           tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
         },
       },
@@ -45,10 +46,12 @@ describe("resolveModelAuthLabel", () => {
       sessionEntry: { authProfileOverride: "github-copilot:default" } as never,
     });
 
-    expect(label).toContain("token ref(env:GITHUB_TOKEN)");
+    expect(label).toBe("token (github-copilot:default)");
+    expect(label).not.toContain("ghp_");
+    expect(label).not.toContain("ref(");
   });
 
-  it("masks short api-key profile values", () => {
+  it("does not include api-key value in label for api-key profiles", () => {
     const shortSecret = "abc123";
     ensureAuthProfileStoreMock.mockReturnValue({
       version: 1,
@@ -69,8 +72,30 @@ describe("resolveModelAuthLabel", () => {
       sessionEntry: { authProfileOverride: "openai:default" } as never,
     });
 
-    expect(label).toContain("api-key");
-    expect(label).toContain("...");
+    expect(label).toBe("api-key (openai:default)");
     expect(label).not.toContain(shortSecret);
+    expect(label).not.toContain("...");
+  });
+
+  it("shows oauth type with profile label", () => {
+    ensureAuthProfileStoreMock.mockReturnValue({
+      version: 1,
+      profiles: {
+        "anthropic:oauth": {
+          type: "oauth",
+          provider: "anthropic",
+        },
+      },
+    } as never);
+    resolveAuthProfileOrderMock.mockReturnValue(["anthropic:oauth"]);
+    resolveAuthProfileDisplayLabelMock.mockReturnValue("anthropic:oauth");
+
+    const label = resolveModelAuthLabel({
+      provider: "anthropic",
+      cfg: {},
+      sessionEntry: { authProfileOverride: "anthropic:oauth" } as never,
+    });
+
+    expect(label).toBe("oauth (anthropic:oauth)");
   });
 });
diff --git a/src/agents/model-auth-label.ts b/src/agents/model-auth-label.ts
index 4538cc1c872..ca564ab4dec 100644
--- a/src/agents/model-auth-label.ts
+++ b/src/agents/model-auth-label.ts
@@ -1,6 +1,5 @@
 import type { OpenClawConfig } from "../config/config.js";
 import type { SessionEntry } from "../config/sessions.js";
-import { maskApiKey } from "../utils/mask-api-key.js";
 import {
   ensureAuthProfileStore,
   resolveAuthProfileDisplayLabel,
@@ -9,28 +8,6 @@ import {
 import { getCustomProviderApiKey, resolveEnvApiKey } from "./model-auth.js";
 import { normalizeProviderId } from "./model-selection.js";
 
-function formatApiKeySnippet(apiKey: string): string {
-  const compact = apiKey.replace(/\s+/g, "");
-  if (!compact) {
-    return "unknown";
-  }
-  return maskApiKey(compact);
-}
-
-function formatCredentialSnippet(params: {
-  value: string | undefined;
-  ref: { source: string; id: string } | undefined;
-}): string {
-  const value = typeof params.value === "string" ? params.value.trim() : "";
-  if (value) {
-    return formatApiKeySnippet(value);
-  }
-  if (params.ref) {
-    return `ref(${params.ref.source}:${params.ref.id})`;
-  }
-  return "unknown";
-}
-
 export function resolveModelAuthLabel(params: {
   provider?: string;
   cfg?: OpenClawConfig;
@@ -69,13 +46,9 @@ export function resolveModelAuthLabel(params: {
       return `oauth${label ? ` (${label})` : ""}`;
     }
     if (profile.type === "token") {
-      return `token ${formatCredentialSnippet({ value: profile.token, ref: profile.tokenRef })}${
-        label ? ` (${label})` : ""
-      }`;
+      return `token${label ? ` (${label})` : ""}`;
     }
-    return `api-key ${formatCredentialSnippet({ value: profile.key, ref: profile.keyRef })}${
-      label ? ` (${label})` : ""
-    }`;
+    return `api-key${label ? ` (${label})` : ""}`;
   }
 
   const envKey = resolveEnvApiKey(providerKey);
@@ -83,12 +56,12 @@ export function resolveModelAuthLabel(params: {
     if (envKey.source.includes("OAUTH_TOKEN")) {
       return `oauth (${envKey.source})`;
     }
-    return `api-key ${formatApiKeySnippet(envKey.apiKey)} (${envKey.source})`;
+    return `api-key (${envKey.source})`;
   }
 
   const customKey = getCustomProviderApiKey(params.cfg, providerKey);
   if (customKey) {
-    return `api-key ${formatApiKeySnippet(customKey)} (models.json)`;
+    return `api-key (models.json)`;
   }
 
   return "unknown";